漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RISE Ultimate Project Manager & CRM 安全漏洞
Vulnerability Description
RISE Ultimate Project Manager & CRM是RISE公司的一套项目管理系统。 RISE Ultimate Project Manager & CRM存在安全漏洞,该漏洞源于认证用户可在发票和消息中注入任意HTML,可能导致钓鱼攻击、凭据窃取和商业邮件泄露。
CVSS Information
N/A
Vulnerability Type
N/A